Security

The security of our platform and our users’ data is a top priority. We welcome responsible disclosure of security vulnerabilities and appreciate the efforts of security researchers who help us keep Growcita safe.

Reporting Vulnerabilities

If you believe you have discovered a security vulnerability, please report it to us via email at security@growcita.com.

Please include the following information in your report:

• A detailed description of the vulnerability
• Step-by-step reproduction instructions
• An assessment of the potential impact
• Any affected URLs or API endpoints

Scope

In Scope

• growcita.com and all subdomains
• API endpoints
• Authentication flows

Out of Scope

• Third-party services (Clerk, Stripe, Composio)
• Social engineering attacks
• Denial of service (DoS) attacks
• Rate limiting issues

Response Timeline

• Acknowledgment: within 48 hours of receiving your report
• Initial assessment: within 5 business days
• Resolution: depends on severity
  • Critical: 7 days
  • High: 30 days
  • Medium: 90 days

Safe Harbor

We will not pursue legal action against security researchers who:

• Act in good faith
• Follow responsible disclosure practices
• Do not access or modify other users’ data
• Do not disrupt service availability

Recognition

We appreciate responsible disclosure and may acknowledge researchers (with their permission) on this page. If you would like to be recognized for your contribution, please let us know in your report.